Hey all. For weeks now, Malwarebytes has been warning me that Chrome has outbound adware that it is blocking. The program is techsuperb.biz. I can't find how to remove it. Malwarebytes AdwCleaner hasn't found it either. Any help?

I keep getting this popup every 15 seconds, saying: Website blocked due to Trojan
The IP it's trying to connect to is: 37.97.195.205
The port keeps changing on every popup.
Type is: Outbound Connection.
Category: Trojan
Domain: nnnnmm.com
Is this something serious? It says it is due to chrome.exe
Any help would be appreciated.
FRST_17-03-2019 23.55.00.txt
Addition_17-03-2019 23.55.00.txt

I installed Malwarebytes due to some suspicion that I was infected and ran it. Clearly there was something going on and Malwarebytes did some cleaning.
After it was done, I keep getting this popup every 15 seconds, saying: Website blocked due to Trojan
The IP it's trying to connect to is: 66.42.80.240
The port keeps changing on every popup.
Type is: Outbound Connection.
Category: Trojan
I even added an Outbound and Inbound firewall rule in Windows Defender Firewall blocking this IP address, but the popups won't stop.
Is this something serious? I've seen many topics on this forum, but none of them have a solution.
Help would be appreciated.

Hello, I just had a bit of an issue today and on the 4th. Malwarebytes blocked an outbound connection multiple times (Three times today, twice on the 4th). All five times it has happened has been with the same domain and IP address. I'm not very good with computers, so I was wondering am I possibly infected? And if I am, what can I do to fix this? AVG detects nothing wrong with my computer.
Thank you for any help!
EDIT: I'll just add that I've always gone to the same sites for years and never had any issue with any of them. Today and on the 4th, Malwarebytes blocked the connection pretty much a few minutes after I open Chrome. After that everything seems to be fine.
Here is a copy of the most recent blocked connection.
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 4/9/18
Protection Event Time: 5:41 PM
Log File: 945b36d2-3c4f-11e8-a005-18dbf2281498.json
Administrator: Yes
-Software Information-
Version: 3.4.5.2467
Components Version: 1.0.342
Update Package Version: 1.0.4670
License: Trial
-System Information-
OS: Windows 10 (Build 16299.309)
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Category: Malware
Domain: f1hungary.fw.hu
IP Address: 217.65.97.118
Port: [64169]
Type: Outbound
File: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(end)

Hey Winterstar,
I am having the same issue, started today. I had about 10 notices today all outbound, I am fairly good with computers, and could not find an infection on my machine. I will keep an eye on this post, maybe someone will have an answer.

Hello, I'm new to the forum, but already had Malwarebytes Premium (and thank God for that!). Here's my sad story.
My Windows 7 Professional 64-bit computer had been connected to a LinkSys AC1200+ wireless router, which was connected to a 3com OfficeConnect hub/switch, which was connected via the uplink to a gateway provided by TimeWarner/Spectrum Business Class. But the other night, the hub/switch failed, and I couldn't get on the Internet.
For a while, I connected the computer directly to the gateway, via one of its four ports on the back. (I reconfigured the computer's IP and DNS to a fixed IP address.) It probably was this way for less than a day. I suddenly noticed, though, some strange things:
(*) McAfee LiveSafe (which I had in addition to Malwarebytes Anti-Malware Premium, because it came with the computer) was trying to register new. It appears that something took it out.
(*) I started getting messages, seemingly one every 5 to 10 minutes, from the real-time protection from Malwarebytes that it was blocking various attacks. I then realized that being connected directly to a port on the "Wild Internet" was really dangerous. So I pulled the plug.
At this point, my Wifi finally came alive (honestly, I had never figured out how to force it to do that when connected via Ethernet, but the cable being plugged in seems to have prevented that---I never thought of that!). I'm now connected through the LinkSys AC 1200+ wireless router. The Wireless connection is configured for DHCP, so I should be safe from picking up any new infections?? (At least, that's the way it was before. The LinkSys wireless router is sitting on the Wild Internet, but it is password protected with a good strong password---NOT admin!)
I have been alarmed at some of the threats that have been blocked, as they are outbound attempts to connect to a site in Russia at a single IP address, attempting the connection through many different obscure port numbers. The site's two variations are either wmi(dot)my0115(dot)ru or down(dot)my0115(dot)ru and the IP address is 78(dot)142(dot)29(dot)114. There seem to be three executables that were blocked from connecting, one classified as RiskWare, and the others as Unspecified. The RiskWare is coming from C:\Windows\System32\lsass.exe. The Unspecified are the following: C:\Windows\System32\wbem\scrcons.exe and C:\Windows\System32\svchost.exe.
The odd thing is that my Malwarebytes Anti-Malware Premium scan comes up clean, even though I'm still getting messages every so often that another attempt has been blocked! Does this indicate that something is masquerading as a system (whitelisted) program?? (If this is the case, then would running a threat scan in safe mode pick it up?)
Here are some miscellaneous things that may be additional infections or part of the same:
(*) There were two files that were caught and quarantined: 1) First was "Backdoor Zegost" at C:\adg.exe; 2) Second was "RansomWannaCrypt" at C:\Windows\mssecsvc.exe. Microsoft Security Center says that this file should not be allowed to run, associated with ransomware I think.
(*) While backing up some files to DVD-ROM, I noted an odd file in the Documents directory. It is called adxloader.log, and when I opened it with Notepad, it looks as though it was loading things into the Registry maybe. Since I noticed it, it had been modified to a later date, but maybe this happened as a result of opening the file with Notepad. Maybe it's something legit, but I don't recall ever seeing it before. And the stuff inside it looks pretty malicious if it isn't something legit.
(*) There is one other thing---maybe it's normal, or maybe not. When I went to try to retrieve the log file from Malwarebytes Threat scan the Documents and Settings folder shows with a padlock icon over it, and says "Access Denied" when I click on it, EVEN WHEN RUNNING WINDOWS EXPLORER AS ADMIN. Is this normal? Maybe this is for safety?? I was able to view the required logs and save them elsewhere, so not critical, but thought I'd ask.
I will attach the following files to this post: 1) The MalwareBytes Threat Scan Log (which found nothing), which I called MalwareBytesThreatScanLog.txt; 2) The FRST scan log, FRST.txt; 3) the Addition.txt log; 3) Samples of the MalwareBytes blocked threat reports from the Russian site: They are called MalwarebytesBlocked_1.txt, MalwarebytesBlocked_2, MalwarebytesBlocked_3, MalwarebytesBlocked_4 and MalwarebytesBlocked_5; 4) the adxloader.log file, re-saved as a text file. I think that's all. Let me know if you need something else.
My Windows updates are really out of date, sad to say. The updates got stuck at some point, and HP "Smart Friend" deleted a bunch of stuff, including Malwarebytes Anti-Exploit Premium, and really screwed everything up. They wiped out all of the pending updates. But I've been very ill and haven't had the energy to deal with it. I do have a backup I made when I got Acronis Backup, when the system was fairly new. And of course falling back to a configuration from a few days ago before the hub started failing is an option. I keep all of my important files on a portable drive, though.
I won't do anything at all, such as put in the replacement hub I just got through the mail today, until given the okay. I especially won't restore my direct wired connection yet, as this would require reconfiguring my LAN connection, and I don't want to make anything worse.
Thanks for your help.
MalwareBytesThreatScanLog.txt
FRST.txt
Addition.txt
MalwarebytesBlocked_1.txt
MalwarebytesBlocked_2.txt
MalwarebytesBlocked_3.txt
MalwarebytesBlocked_4.txt
MalwarebytesBlocked_5.txt
adxloader.txt

Hello all,
I have been reading through the forum and following the advice of the forum moderators I have decided to create my own topic.
Earlier today I upgraded the free version of Malwarebytes to the 14-day premium version. Since the download has been completed, I have been getting non-stop warnings for websites blocked that are being detected as malicious. The ports are constantly changing, but the common theme is that they all come from the same IP address (37.48.125.112), are all outbound, and originate from svchost.exe
I have downloaded and run the programs listed here https://www.bleepingcomputer.com/virus-removal/fix-malicious-web-site-blocked-alert-from-svchost.exe/ but the updates are still occurring. I have also run Farbar Recovery Scan Tool, and I have attached my FRST and Addition txt files to this post here.
If there is anything else I need to add please let me know.
FRST.txt
Addition.txt

Greetings! If you're in the US, I hope you enjoyed your Thanksgiving. Thanks in advance for your help with this!
On 11/20 (sorry I haven't opened a report before this but the holidays are busy) I got a notice on my laptop about a blocked website. The block notices started at 2:33 pm and stopped at 4:32 pm, so roughly 2 hours. I keep Malwarebytes updated and consider myself a savvy web and email user (I work in IT) so I'm very mindful of malware. That said, I also run CCleaner, and a few months ago I downloaded a malware infected update for that software that had been planted on their site. As soon as the malware was detected I cleaned my system (the only infected files found were part of CCleaner). However, as you know that doesn't mean that nothing malicious was installed on my system and just hasn't been detected yet.
Anyway, having read the forums about this block notice I have already run the November MS Malicious Software Removal Tool and it reported that there are 0 infected files.
Here is the export of the first protection event:
Malwarebytes
www.malwarebytes.com
-Log Details-
Protection Event Date: 11/20/17
Protection Event Time: 2:33 PM
Log File: ac6c09d4-ce29-11e7-b41d-00ff8c74eff2.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.236
Update Package Version: 1.0.3304
License: Premium
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System
-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0
-Website Data-
Domain:
IP Address: 255.255.255.255
Port: [68]
Type: Outbound
File: C:\Windows\System32\svchost.exe
(end)
Please let me know if you need additional troubleshooting details and if I have a genuine malware problem or if this is a false positive.
Many thanks, happy holidays,
April
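
An added example, not part of any post above and not Malwarebytes code: a small parser for the protection event exports quoted on this page, which pulls out the destination, port and reporting process and attaches factual context (address class, well-known port range). The function names and note strings are this example's own, and the sample is abridged from the last export above.

```python
import ipaddress
import ntpath

# Abridged from the last export quoted on this page (values unchanged).
SAMPLE = r"""Malwarebytes
-Log Details-
Protection Event Time: 2:33 PM
-Website Data-
Domain:
IP Address: 255.255.255.255
Port: [68]
Type: Outbound
File: C:\Windows\System32\svchost.exe
(end)
"""

def parse_event(text):
    """Parse an export into {section: {key: value}}; sections look like -Name-."""
    event, section = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if len(line) > 2 and line.startswith("-") and line.endswith("-"):
            section = line.strip("-")
            event[section] = {}
        elif section is not None and ":" in line:
            # Split on the first colon only: values hold times and C:\ paths.
            key, _, value = line.partition(":")
            event[section][key.strip()] = value.strip()
    return event

def triage(event):
    """Summarise the blocked connection and attach factual context notes."""
    data = event["Website Data"]
    ip = ipaddress.ip_address(data["IP Address"])
    port = int(data["Port"].strip("[]"))
    notes = []
    if ip == ipaddress.ip_address("255.255.255.255"):
        notes.append("limited broadcast address, not a routable host")
    else:
        notes.append("public address" if ip.is_global else "non-public address")
    if port in (67, 68):
        notes.append("port 67/68 is DHCP")
    elif port >= 49152:
        notes.append("port in dynamic range 49152-65535")
    # ntpath parses Windows paths on any OS; the directory helps confirm that a
    # system binary name is reported from its expected location.
    image = data.get("File", "")
    return {"domain": data.get("Domain", ""), "ip": str(ip), "port": port,
            "process": ntpath.basename(image).lower(),
            "directory": ntpath.dirname(image), "notes": notes}
```

Calling `triage(parse_event(text))` on each exported event gives one record per block that can be compared across alerts, for example to see whether the destination and process stay constant while only the port changes.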